diff --git a/integration/js/src/main/resources/META-INF/resources/js/keycloak.js b/integration/js/src/main/resources/META-INF/resources/js/keycloak.js
index dd49966..336974b 100755
--- a/integration/js/src/main/resources/META-INF/resources/js/keycloak.js
+++ b/integration/js/src/main/resources/META-INF/resources/js/keycloak.js
@@ -38,9 +38,9 @@ var Keycloak = function (options) {
delete sessionStorage.oauthToken;
processCallback(successCallback, errorCallback);
} else if (options.token) {
- setToken(options.token, successCallback);
+ kc.setToken(options.token, successCallback);
} else if (sessionStorage.oauthToken) {
- setToken(sessionStorage.oauthToken, successCallback);
+ kc.setToken(sessionStorage.oauthToken, successCallback);
} else if (options.onload) {
switch (options.onload) {
case 'login-required' :
@@ -58,7 +58,7 @@ var Keycloak = function (options) {
}
kc.logout = function () {
- setToken(undefined);
+ kc.setToken(undefined);
window.location.href = kc.createLogoutUrl();
}
@@ -164,8 +164,10 @@ var Keycloak = function (options) {
var url = kc.getRealmUrl() + '/tokens/access/codes';
var req = new XMLHttpRequest();
- req.open('POST', url, true, options.clientId, options.clientSecret);
+ req.open('POST', url, true);
req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
+ req.setRequestHeader('Authorization', 'Basic ' + btoa(options.clientId + ':' + options.clientSecret));
+ req.withCredentials = true;
req.onreadystatechange = function () {
if (req.readyState == 4) {
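Review bot: The new Authorization header is built unconditionally from `options.clientId + ':' + options.clientSecret`, so a client configured without a secret sends the literal credential `clientId:undefined`, and `btoa` throws on any character outside Latin-1, which aborts the token exchange before `req.send` is reached. I would guard the header, `if (options.clientId && options.clientSecret) { req.setRequestHeader('Authorization', 'Basic ' + btoa(options.clientId + ':' + options.clientSecret)); }`, and add a comment that a secret shipped in browser-side JavaScript is readable by every user of the page, so this header identifies the client but does not keep the secret confidential. `req.withCredentials = true` also means the server's CORS response must name a specific origin and allow credentials, which the Java side of this commit appears to handle via `.auth()`. The enclosing function starts before this hunk and its response handling continues after it.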
@@ -197,12 +199,12 @@ var Keycloak = function (options) {
kc.tokenParsed = JSON.parse(atob(token.split('.')[1]));
kc.authenticated = true;
- kc.username = kc.tokenParsed.sub;
+ kc.subject = kc.tokenParsed.sub;
kc.realmAccess = kc.tokenParsed.realm_access;
kc.resourceAccess = kc.tokenParsed.resource_access;
setTimeout(function() {
- successCallback && successCallback({ authenticated: kc.authenticated, username: kc.username });
+ successCallback && successCallback({ authenticated: kc.authenticated, subject: kc.subject });
}, 0);
} else {
delete sessionStorage.oauthToken;
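Review bot: Renaming `kc.username` to `kc.subject`, and the callback field with it, silently breaks existing callers that read `username`; they now get `undefined` rather than an error. If the rename is intended, it should be called out in the changelog or, for one release, kept alongside the new name with a deprecation comment such as `// 'username' was renamed to 'subject' (the JWT "sub" claim); old name kept for compatibility`. Separately, the context line `JSON.parse(atob(token.split('.')[1]))` decodes a JWT payload, which is base64url-encoded (RFC 7515 alphabet with `-` and `_`, no padding), while `atob` accepts only standard base64; payloads containing those characters will throw here, which this commit does not address. The enclosing setToken body starts before this hunk.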
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 16db7d0..6784de8 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -38,6 +38,7 @@ import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.NotAcceptableException;
import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -344,6 +345,13 @@ public class TokenService {
}
@Path("access/codes")
+ @OPTIONS
+ @Produces("application/json")
+ public Response accessCodeToTokenPreflight() {
+ return Cors.add(request, Response.ok()).auth().preflight().build();
+ }
+
+ @Path("access/codes")
@POST
@Produces("application/json")
public Response accessCodeToToken(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap<String, String> formData) {
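Review bot: The new `accessCodeToTokenPreflight` handler answers every OPTIONS request identically, without the per-client origin check the POST handler applies via `.allowedOrigins(client)`; a preflight carries no Authorization header or form body, so there is nothing to scope it by, and the actual POST response remains the only enforcement point. That is worth stating in a Javadoc on the method, e.g. that the preflight cannot identify the client and that origin restriction is enforced on the subsequent POST. Since the JavaScript side of this commit now sends an Authorization request header, the preflight must also list it in Access-Control-Allow-Headers, which is presumably what `.auth()` does — worth confirming against the Cors helper. `@Produces("application/json")` on a response with no entity is unnecessary and can be dropped.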
@@ -418,7 +426,7 @@ public class TokenService {
.generateIDToken()
.generateRefreshToken().build();
- return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build();
+ return Cors.add(request, Response.ok(res)).auth().allowedOrigins(client).allowedMethods("POST").build();
}
protected ClientModel authorizeClient(String authorizationHeader) {
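Review bot: With `.auth()` now combined with `.allowedOrigins(client)` on the token response, the resulting headers presumably enable credentialed CORS (Access-Control-Allow-Credentials) together with a client-derived origin list; browsers reject a wildcard origin in that combination, so the Cors helper must never emit `*` when credentials are allowed, and I would confirm that is the case rather than rely on it. A short comment on this line, `// credentialed CORS: origin must be a specific client origin, never *`, would record the constraint for future edits. The enclosing accessCodeToToken method starts before this hunk.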